IETF Logo Mail Archive

Re: [OPSAWG] Roman Danyliw's Discuss on draft-ietf-opsawg-finding-geofeeds-10: (with DISCUSS and COMMENT)

Roman Danyliw <rdd@cert.org> Wed, 19 May 2021 22:00 UTC

Return-Path: <rdd@cert.org>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 955063A20B2; Wed, 19 May 2021 15:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1p5cGWahvjN5; Wed, 19 May 2021 15:00:02 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 099FB3A20B4; Wed, 19 May 2021 15:00:01 -0700 (PDT)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 14JLxvOj012652; Wed, 19 May 2021 17:59:57 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu 14JLxvOj012652
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1621461597; bh=SrXjC9jgFnlW76VpZf/tXRH6gzlx7ppcZOb7RfUIjF4=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=fg0ie7ZTsnOg2XoJiLwVknc9+6umYO1GdXW2EAzZT4vyCfOqR3HuDAqjFww7t5V+8 BBPPoUP5+9xp4GlCxhkrqvertDY46e48hXuXixogTIY5VFRiYawVPsYTTKHKXKzlDH rhO5FlLfg9MghR72l1pSFWPV/GZS67Z63jwxtBfs=
Received: from MORRIS.ad.sei.cmu.edu (morris.ad.sei.cmu.edu [147.72.252.46]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 14JLxoAo029846; Wed, 19 May 2021 17:59:51 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MORRIS.ad.sei.cmu.edu (147.72.252.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 19 May 2021 17:59:50 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.2242.008; Wed, 19 May 2021 17:59:50 -0400
From: Roman Danyliw <rdd@cert.org>
To: Russ Housley <housley@vigilsec.com>
CC: IESG <iesg@ietf.org>, "draft-ietf-opsawg-finding-geofeeds@ietf.org" <draft-ietf-opsawg-finding-geofeeds@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, Ops Area WG <opsawg@ietf.org>, George Michaelson <ggm@algebras.org>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-opsawg-finding-geofeeds-10: (with DISCUSS and COMMENT)
Thread-Index: AQHXTCnIwb8ZzXp60Uihj+Vd88HCiarrMa2AgAAn+IA=
Date: Wed, 19 May 2021 21:59:49 +0000
Message-ID: <4a5113cbdd134cc6ab64f0c8cd505887@cert.org>
References: <162137200225.19763.15610320941214951948@ietfa.amsl.com> <8CDA1FF9-1C6B-4FD8-9764-E3029949AEFB@vigilsec.com>
In-Reply-To: <8CDA1FF9-1C6B-4FD8-9764-E3029949AEFB@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.201.59]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/R-P88_TaiEDCLiSBQMXVjiyVdIg>
Subject: Re: [OPSAWG] Roman Danyliw's Discuss on draft-ietf-opsawg-finding-geofeeds-10: (with DISCUSS and COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2021 22:00:08 -0000

Hi Russ!

Inline ...

> -----Original Message-----
> From: Russ Housley <housley@vigilsec.com>
> Sent: Wednesday, May 19, 2021 11:27 AM
> To: Roman Danyliw <rdd@cert.org>
> Cc: IESG <iesg@ietf.org>; draft-ietf-opsawg-finding-geofeeds@ietf.org;
> opsawg-chairs@ietf.org; Ops Area WG <opsawg@ietf.org>; George Michaelson
> <ggm@algebras.org>
> Subject: Re: Roman Danyliw's Discuss on draft-ietf-opsawg-finding-geofeeds-
> 10: (with DISCUSS and COMMENT)
> 
> Roman:
> 
> Addressing some of your comments below.  I'm leaving others to my co-
> authors.
> 
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > The validation process for the signature computed in Section 4 seems
> > underspecified.
> >
> > For example, let’s consider the example in Appendix A.  Through a whois
> query
> > for 192.0.2.0 one finds a “remarks:        Geofeed <https url>” field which
> > leads to a geofeed file which had the detached CMS signature blob “#
> > RPKI
> > Signature: 192.0.2.0/24” depicted at the end of Appendix A.  What
> > reference or text guides how to validate that signature in the RPKI
> > (akin to the level of detail in Section 3.3 of RFC7909 or RFC6125)?
> >
> > I’m inferring that the steps would roughly be:
> >
> > ** Download the end-entity certificate identified by the
> > subjectKeyIdentifier field via the pointer/URI in the
> > “subjectInfoAccess”  field extracted from the CMS signature blob
> >
> > ** Download the intermediate certificate identified by the
> > authorityKeyIdentifier field via the pointer/URI in the “caIssuer”
> > field extracted from the CMS signature blob
> >
> > ** Based on the RIR identified in the whois query, download the RPKI
> > trust anchor of the RIR
> >
> > ** Validate the certificate chain from the RPKI trust anchor down to
> > the end-entity certificate.  Check that all of the basicConstraints,
> > certificatePolicies, etc. are accurate.  Check the CRL.
> >
> > ** Verify that the end-entity certificate contains the IP address of
> > interest
> > (192.0.2.0) in the sbgp-ipAddrBlock field
> >
> > ** Validate the signature using the algorithm identified in the CMS
> > signature blog using the end-entity certificate
> >
> > Is that the process?  Is that stated somewhere in the document or
> > available via reference?
> 
> I suggest the following changes in Section 4:
> 
> OLD:
> 
>    Validation of the signing certificate needs to ensure that it is part
>    of the current manifest and that the resources are covered by the
>    RPKI certificate.
> 
>    As the signer specifies the covered RPKI resources relevant to the
>    signature, the RPKI certificate covering the inetnum: object's
>    address range is included in the [RFC5652] CMS SignedData
>    certificates field.
> 
>    Identifying the private key associated with the certificate, and
>    getting the department with the Hardware Security Module (HSM) to
>    sign the CMS blob is left as an exercise for the implementor.  On the
>    other hand, verifying the signature requires no complexity; the
>    certificate, which can be validated in the public RPKI, has the
>    needed public key.
> 
> NEW:
> 
>    As the signer specifies the covered RPKI resources relevant to the
>    signature, the RPKI certificate covering the inetnum: object's
>    address range is included in the [RFC5652] CMS SignedData
>    certificates field.
> 
>    Identifying the private key associated with the certificate, and
>    getting the department with the Hardware Security Module (HSM) to
>    sign the CMS blob is left as an exercise for the implementor.  On the
>    other hand, verifying the signature requires no complexity; the
>    certificate, which can be validated in the public RPKI, has the
>    needed public key.
> 
>    The trust anchors for the RIRs are expected to already be available
>    to the party performing signature validation.  Validation of the CMS
>    signature on the geofeed file involves:
> 
>    1.  Obtain the signer's certificate from an RPKI Repository.  The certificate
>        SubjectKeyIdentifier extension [RFC5280] MUST match the
>        SubjectKeyIdentifier in the CMS SignerInfo SignerIdentifier [RFC5652].
>        If the key identifiers do not match, then validation MUST fail.
> 
>    2. Construct the certification path for the signer's certificate.  All of
>        the needed certificates are expected to be readily available in the
>        RPKI Repository.  The certification path MUST be valid according to
>        the validation algorithm in [RFC5280] and the additional checks
>        specified in [RFC3779] associated with the IP Address Delegation
>        certificate extension and the Autonomous System Identifier Delegation
>        certificate extension.  If certification path validation is unsuccessful, then
>        validation MUST fail.
> 
>    3. Validate the CMS SignedData as specified in [RFC5652] using the
>        public key from the validated signer's certificate.  If the signature
>        validation is unsuccessful, then validation MUST fail.
> 
>    4. Verify that the IP Address Delegation certificate extension [RFC3779]
>        covers the address range of the geofeed file.  If the address range is
>        not covered, then validation MUST fail.
> 
>    If all of these steps MUST be successful to consider the geofeed file
>    signature as valid.

Works for me.  Thanks for precisely stating the CMS field names which would not have been recognizable from my above short hand notation.

> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Thank you to Kyle Rose for the SECDIR review.
> >
> > ** Section 3.  "It is only used to authenticate a pointer to the
> > geofeed file and transport integrity of the data."
> >
> > To separate the notion of the transport security provided with TLS and
> > the object security provided by the RPKI signature, it might be cleaner to say:
> >
> > TLS and the web PKI authenticate the domain name in the URL and
> > provides confidentiality and integrity for the geofeed file in transit.
> 
> The RPKI signature ought to be sufficient to consider the signature valid.  The
> WebPKI is providing authentication and integrity of the fetched data, but if any
> of the data is modified at any point in the process, the RPKI signature will catch
> it.
> 
> > ** Section 4.  Per “Borrowing detached signatures from [RFC5485] …”,
> > I’m having trouble following which concept is being borrowed to
> > elevate this to a normative reference.
> 
> With the changes to address your DISCUSS, this can probably be an
> informational reference.

Agreed.

> > ** Section 4.  Per “the RPKI certificate covering the inetnum:
> > object's address range is included in the [RFC5652] CMS SignedData
> > certificates field”, can a more specific statement be made to say that
> > it would be the sbgp-ipAddrBlock field in the certificate?
> 
> I think this is already explained in the definition of 'covers'.  Am I missing
> something?

With the precision you provided in the response to the DISCUSS, I would have rephrased my original comment to:

NEW
... the RPKI certificate covering the inetnum: object's address range is included in the IP Address Delegation certificate extension [RFC3779] field.


> > object's address range is included in the [RFC5652] CMS SignedData
> > certificates field

> > ** Section 4.  Per the format of the signature appended to the geofeed file:
> >       # RPKI Signature: 192.0.2.0/24
> >       #
> MIIGlwYJKoZIhvcNAQcCoIIGiDCCBoQCAQMxDTALBglghkgBZQMEAgEwDQYLKo
> Z
> >       #
> IhvcNAQkQAS+gggSxMIIErTCCA5WgAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7h
> Zu
> >       ...
> >       #
> imwYkXpiMxw44EZqDjl36MiWsRDLdgoijBBcGbibwyAfGeR46k5raZCGvxG+4xa
> >       # O8PDTxTfIYwAnBjRBKAqAZ7yX5xHfm58jUXsZJ7Ileq1S7G6Kk=
> >       # End Signature: 192.0.2.0/24
> >
> > -- Are the header “# RPKI Signature: 192.0.2.0/24” and footer “# End
> Signature:
> > 192.0.2.0/24” syntactically required?  If would seem so, but that’s
> > never explicitly stated and can only be inferred via the example.  It
> > would be helpful to explicitly clarify that.
> 
> Yes, they are required.  Randy, can you suggest a MUST statement?

I figured.  I'm thinking it just needs a sentence to say that.

> > ** Appendix A.
> >
> > Section 4 says: “As the signer specifies the covered RPKI resources
> > relevant to the signature, the RPKI certificate covering the inetnum: object's
> address
> > range is included in the [RFC5652] CMS SignedData    certificates field.” I was
> > expecting the end-entity certificate to encode “192.0.2.0/24” in the
> > sbgp-ipAddrBlock field.  The CA certificate has this IP block, but the
> > end-entity certificate decodes the sbgp-ipAddBlock field to “IPv4:
> > inherit
> > IPv6: inherit”.  Is that expected -- to have both an ipv4 and ipv6
> > annotation (since the previous certificate in the chain only mentioned
> > IPv4), and not explicitly repeat the IPv4 value?
> 
> This will be done when the CA is issuing a subordinate certificate explicitly for
> geofeed signing.  This is good key hygene to use a given key for only one
> purpose.

There was a CMS structure subtlety that I didn't understand.  The CA cert made no reference to v6, but the end-point one did.

Regards,
Roman

> Russ
>

v2.23.0 | Report a Bug | By Email